Uttered Linus Torvalds <[email protected]>, spake thus: > It does show that if you want to hide key operations, you want to be > careful. I don't think HT is at fault per se. Trivially easy when two processes share the same FS namespace. Consider two files: $ ls -l /tmp/a /tmp/b -rw------ 1 owner owner xxxxx /tmp/a -rw------ 1 owner owner xxxxx /tmp/b One file serves as a clock. Note that the permissions deny all access to everyone except the owner. The owner user then does this, intentionally or unintentionally: for x in 0 0 0 1 0 0 0 0 0 1 do rm -f /tmp/a /tmp/b case "$x" in 0 ) rm -f /tmp/a;; 1 ) touch /tmp/a;; esac touch /tmp/b sleep 2 done And the baddie does this: let n=1 let char=0 while (($n < 8)) do while [ ! -f /tmp/b ]; do sleep 0.5 done let char=((char << 1)) if [ -f /tmp/a ]; do let char=((char + 1)) done done printf "The letter was: %c\n" $char This is one of the classic TEMPEST problems that secure systems have long had to deal with. See, at no time did HT ever raise its ugly head ;-) Cheers
Attachment:
pgpg3HvGbFRKO.pgp
Description: PGP signature
- References:
- Hyper-Threading Vulnerability
- From: Gabor MICSKO <[email protected]>
- Re: Hyper-Threading Vulnerability
- From: Andi Kleen <[email protected]>
- Re: Hyper-Threading Vulnerability
- From: Alan Cox <[email protected]>
- Re: Hyper-Threading Vulnerability
- From: Scott Robert Ladd <[email protected]>
- Re: Hyper-Threading Vulnerability
- From: Linus Torvalds <[email protected]>
- Hyper-Threading Vulnerability
- Prev by Date: Re: [RFD] What error should FS return when I/O failure occurs?
- Next by Date: Re: 2.6.12-rc4-mm2
- Previous by thread: Re: Hyper-Threading Vulnerability
- Next by thread: Re: Hyper-Threading Vulnerability
- Index(es):